Debian Security Advisory
DSA-2724-1 chromium-browser -- several vulnerabilities
- Date Reported:
- 17 Jul 2013
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-2853, CVE-2013-2867, CVE-2013-2868, CVE-2013-2869, CVE-2013-2870, CVE-2013-2871, CVE-2013-2873, CVE-2013-2875, CVE-2013-2876, CVE-2013-2877, CVE-2013-2878, CVE-2013-2879, CVE-2013-2880.
- More information:
Several vulnerabilities have been discovered in the Chromium web browser.
The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline).
Chrome does not properly prevent pop-under windows.
common/extensions/sync_helper.cc proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting.
Denial of service (out-of-bounds read) via a crafted JPEG2000 image.
Use-after-free vulnerability in network sockets.
Use-after-free vulnerability in input handling.
Use-after-free vulnerability in resource loading.
Out-of-bounds read in SVG file handling.
Chromium does not properly enforce restrictions on the capture of screenshots by extensions, which could lead to information disclosure from previous page visits.
Out-of-bounds read in XML file handling.
Out-of-bounds read in text handling.
The circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations were not propertly checked.
The Chromium 28 development team found various issues from internal fuzzing, audits, and other studies.
For the stable distribution (wheezy), these problems have been fixed in version 28.0.1500.71-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 28.0.1500.71-1.
We recommend that you upgrade your chromium-browser packages.